# Non-Invertible Public Key Certificates

## Abstract

## 1. Introduction

1. Multiplication-based protocol. The protocol works in the ring with unity $\mathbb{Z}_n$, where $n = p\cdot q$ and $p$, $q$ are prime numbers. In this ring an integer may or may not have a multiplicative inverse, and by the basic properties of modular arithmetic the product of an invertible and a non-invertible integer is a non-invertible integer. Alice multiplies a random non-invertible $v_a$ by a random invertible $k_a$ and sends the result to Bob, who multiplies it by his random invertible $k_b$ and returns the resulting integer to Alice. Alice removes $k_a$ by multiplying by $k_a^{-1}$ and sends the result to Bob. Finally, Bob removes his invertible integer by applying $k_b^{-1}$. At this point Bob has obtained $v_a$. Although a non-invertible integer does not have a multiplicative inverse, hence factorization of the public integers is prohibited, a division attack is discussed in [5].
2. Exponent-based protocol. Exponentiation of $p$, say $p^{x_a}$, gives a non-invertible integer. Using this property, the protocol defines that Alice sends $p^{x_a} k_a \bmod n$ to Bob, who returns $p^{x_a} k_a k_b \bmod n$ to her. Then she multiplies it by $k_a^{-1}$ and sends back $p^{x_a} k_b \bmod n$. Bob applies $k_b^{-1}$, thus obtaining the shared secret $p^{x_a} \bmod n$. Unfortunately, this version of the protocol is also vulnerable to a division attack [5].
3. Non-invertible KEP. This protocol defines a public key exchange algorithm. To overcome the division attack, ni-KEP introduces Euler’s identity to derive the keys, which are defined according to the relations $\{p^{x_i} k_i \bmod n,\; q^{y_i} k_i \bmod n\}$, $i = a, b$, for Alice’s and Bob’s public keys respectively, and $n$ is obtained as $n = p\cdot q\cdot r$, where $p$ and $q$ are small prime public numbers and $r$ is a big prime public integer. On the other hand, $\{k_i, x_i\}$ constitute the private key, while the number $y_i$ is derived from the equation $\varphi(n) = x_i + y_i + 1$, where $\varphi(n)$ is Euler’s totient function. A detailed discussion of this protocol will be presented in a later section.

**Our contribution.** In this work, we enhance Lizama’s non-invertible key exchange method [5] so that it supports Certification Authorities (CA), allowing users to exchange digital certificates that are bound to their public keys. We claim that our cryptosystem exhibits competitive key size and is able to handle certified keys, interdomain certification and perfect forward secrecy.

**Organization of the paper.** First, in Section 2, we discuss the main quantum cryptographic approaches: quantum and post-quantum. In Section 3, we summarize the principles of public key cryptography, considering digital certificates and the role of the Certification Authority. Then, in Section 4, we describe Lizama’s non-invertible protocol, and in Section 5 how Lizama’s KEP can be used to support CAs in single and multiple certification domains. Finally, Section 6 explains a method to derive a new session key from a past session key, thus achieving Perfect Forward Secrecy (PFS). Appendix A contains a brief description of the RSA and DH cryptosystems along with two possible attacks: prefix and multiplication-based attacks.

## 2. Cryptography in the Quantum Era

## 3. Public Key Cryptography

#### 3.1. Digital Certificates

#### 3.2. Certification Authority (CA)

1. Alice obtains the certificate of CA$_2$ signed by CA$_1$. Since Alice has the public key of CA$_1$, she can get the public key of CA$_2$ from its certificate and verify it using the signature of CA$_1$ on the certificate.
2. From the directory, Alice obtains the certificate of Bob signed by CA$_2$. Since Alice now has the public key of CA$_2$, she can verify the signature, therefore getting Bob’s public key.

## 4. Lizama’s Key Exchange Protocol

1. Once public keys have been exchanged, Alice and Bob perform two operations over the numbers received: exponentiation and multiplication, as indicated in Table 1.
2. To derive the results in the right column of Table 1, Euler’s theorem is applied in $\mathbb{Z}_n$. The theorem is written in Equation (1), where $r$ is an integer safe prime. Since $n = pqr$, we have $\varphi(n) = (p-1)(q-1)(r-1)$. Here, $k$ and $n$ are relatively prime to each other, so $k$ is an invertible integer in $\mathbb{Z}_n$. The exponent $x_i$, which constitutes the private key, is chosen randomly, but $x_i$ and $y_i$ sum to $\varphi(n)+1$; thus, according to Equation (1), we have $k^{\varphi(n)+1} = k^{\varphi(n)}\cdot k^{1} = k$ because $k$ is an invertible integer in $\mathbb{Z}_n$.

   $$k^{\varphi(n)} \equiv 1 \bmod n \tag{1}$$

3. Users exchange the resulting value $p^{2x_a x_b} q^{y_a y_b} k_i \bmod n$, which is multiplied by the corresponding inverse $k_i^{-1}$ at each side to derive the secret shared key $p^{2x_a x_b} q^{y_a y_b} \bmod n$, as depicted in Figure 4.

**Figure 4.** Lizama’s non-invertible key exchange method (KEP) [5]. All operations are modulo $n$, where $n = pqr$. According to Euler’s theorem, $k^{\varphi(n)+1} \bmod n = k$ because $k$ is an invertible integer in $\mathbb{Z}_n$.

- $|k| = |n|$
- if $p = 2$ and $n = 4r$, we have $2^{2x} \bmod 4r$, then $4^{x} \bmod 4r$ yields $|4|\cdot|x| = |4| + |r|$ and $|x| \sim \frac{|r|}{2}$.
- since the private key is formed by $x$ and $k$, its size is computed as $|n| + |x| \sim |r| + |x|$, which gives 1536.

#### 4.1. Cipher-System

#### 4.2. Mathematical Representation

## 5. Key Certification with Lizama’s ni-KEP

1. To certify their public key with the Certification Authority CA, user $i$ sends to CA their public key $(P_i, Q_i)$.
2. If CA approves the request of $i$, they generate and publish the certified key $[k_{i,ca}]k_i$, which has been derived according to Table 3.
3. The CA’s public database of certified keys can be seen in Table 4, which contains the certified keys of Alice and Bob.

1. Using CA’s public key $(P_{ca}, Q_{ca})$, Alice computes $[k_{a,ca}]k_{ca}$. In addition, she computes $[k_{a,b}]k_b$ using Bob’s public key $(P_b, Q_b)$.
3. Alice multiplies them by Bob’s certified key $[k_{b,ca}]k_b$ and sends the resulting integer number to Bob. The same procedure is applied by him.
4. Bob multiplies the received integer by $k_b^{-1}$ twice, thus he obtains the secret shared key $K_{ab} = [k_{a,b}][k_{b,ca}][k_{a,ca}]k_{ca}$ (see Figure 5).
5. Applying this procedure, Bob derives the same secret number $K_{ab}$.

**Figure 5.** Non-invertible KEP with Certification Authority (CA). All operations are performed modulo $n$.

#### 5.1. Indistinguishability

#### 5.2. Multiple CAs

1. Using CA$_1$’s public key $(P_{ca_1}, Q_{ca_1})$, Alice computes $[k_{a,ca_1}]k_{ca_1}$; she also computes $[k_{a,b}]k_b$ with Bob’s public key $(P_b, Q_b)$.
3. Alice multiplies them by Bob’s certificate $[k_{b,ca_2}]k_b$ and CA$_2$’s certificate $[k_{ca_1,ca_2}]k_{ca_2}$ and sends the resulting integer number to Bob. The same procedure is applied by Bob.
4. Alice multiplies the received integer by $k_a^{-1}$ twice, thus she obtains the secret shared key $K_{ab} = [k_{a,b}][k_{a,ca_1}]k_{ca_1}[k_{b,ca_2}]k_{ca_2}[k_{ca_1,ca_2}]$ (see Figure 6).
5. Applying the same procedure, Bob derives the secret shared number $K_{ab}$.

**Table 5.** Public databases of CA$_1$ and CA$_2$, which would be located far apart: the database of CA$_1$ is accessible to Alice and CA$_2$’s database is close to Bob.

CA | User | Public Key | Certified Key |
---|---|---|---|
CA$_1$ | CA$_1$ | $(P_{ca_1}, Q_{ca_1})$ | - |
CA$_1$ | CA$_2$ | $(P_{ca_2}, Q_{ca_2})$ | $[k_{ca_1,ca_2}]k_{ca_2}$ |
CA$_1$ | Alice | $(P_a, Q_a)$ | $[k_{a,ca_1}]k_a$ |
CA$_2$ | CA$_2$ | $(P_{ca_2}, Q_{ca_2})$ | - |
CA$_2$ | CA$_1$ | $(P_{ca_1}, Q_{ca_1})$ | $[k_{ca_1,ca_2}]k_{ca_1}$ |
CA$_2$ | Bob | $(P_b, Q_b)$ | $[k_{b,ca_2}]k_b$ |

## 6. Perfect Forward Secrecy (PFS)

1. Alice and Bob share a certified key $K_i$ from a previous exchange.
2. Using CA’s public key $(P_{ca}, Q_{ca})$, Alice computes $[k_{a,ca}]k_{ca}$. In addition, according to Table 6, Alice computes $[k_{a,b}]^{K_i} k_b^{K_i}$ using Bob’s public key $(P_b, Q_b)$.
4. Alice multiplies them by Bob’s certificate $[k_{b,ca}]k_b$ and sends the resulting number to Bob. The same procedure is applied by Bob.
5. Bob multiplies the received integer by $k_b^{-K_i-1}$, thus he obtains the secret shared key $K_{i+1} = [k_{a,b}]^{K_i}[k_{a,ca}][k_{b,ca}]k_{ca}$ (see Figure 7).
6. Conversely, Alice multiplies the received integer by $k_a^{-K_i-1}$, thus she gets the secret shared key $K_{i+1} = [k_{a,b}]^{K_i}[k_{b,ca}][k_{a,ca}]k_{ca}$.

Short Notation | Mathematical Operation |
---|---|
$(P_i, Q_i)$ | $P_i = p^{2x_i} k_i$, $Q_i = q^{y_i} k_i$ |
$P_i^{x_j}\cdot Q_i^{y_j}$ | $(p^{2x_i} k_i)^{x_j}\cdot(q^{y_i} k_i)^{y_j}$ |
$[k_{i,j}]k_i$ | $p^{2x_i x_j} q^{y_i y_j} k_i$ |
$P_i^{k_s x_j}\cdot Q_i^{k_s y_j}$ | $(p^{2x_i} k_i)^{k_s x_j}\cdot(q^{y_i} k_i)^{k_s y_j}$ |
$[k_{i,j}]^{k_s} k_i^{k_s}$ | $p^{2k_s x_i x_j} q^{k_s y_i y_j} k_i^{k_s}$ |

**Figure 7.** Alice and Bob need to establish a new secret key $K_{i+1}$. However, they do not want to use the last secret key $K_i$. This procedure is repeated to derive $K_{i+2}$ from $K_{i+1}$.
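The exchanges of Sections 4 to 6 run with toy numbers, as an added example that is not code from the paper. The parameters $p=3$, $q=5$, $r=1019$, the dictionary layout and all function names are assumptions of this sketch; the Section 5 exchange is written as the Section 6 step with $K_i = 1$, which gives the same formulas.

```python
import math
import secrets

# Toy public parameters, constructed for this example (far too small for real use).
p, q, r = 3, 5, 1019                  # r = 2*509 + 1 is a safe prime
n = p * q * r
PHI = (p - 1) * (q - 1) * (r - 1)     # phi(n) for distinct primes p, q, r


def keygen(x=None, k=None):
    """Private x, y, k with x + y = phi(n) + 1 and gcd(k, n) = 1; public (P, Q)."""
    if x is None:
        x = secrets.randbelow(PHI - 1) + 1
    if k is None:
        k = 0
        while math.gcd(k, n) != 1:    # gcd(0, n) = n, so at least one draw happens
            k = secrets.randbelow(n - 2) + 2
    elif math.gcd(k, n) != 1:
        raise ValueError("k must be invertible mod n")
    y = PHI + 1 - x
    pub = (pow(p, 2 * x, n) * k % n, pow(q, y, n) * k % n)
    return {"x": x, "y": y, "k": k, "pub": pub}


def combine(pub, me):
    """P^x * Q^y mod n with my exponents: [k_{i,me}] * k_i (k_i^(phi(n)+1) = k_i)."""
    P, Q = pub
    return pow(P, me["x"], n) * pow(Q, me["y"], n) % n


def plain_kep(alice, bob):
    """Section 4: each side strips its own k from the value the peer computed."""
    at_alice = combine(alice["pub"], bob) * pow(alice["k"], -1, n) % n
    at_bob = combine(bob["pub"], alice) * pow(bob["k"], -1, n) % n
    return at_alice, at_bob


def certify(ca, user_pub):
    """Section 5, step 2: the CA publishes [k_{i,ca}] * k_i for user i."""
    return combine(user_pub, ca)


def message(me, peer_pub, peer_cert, ca_pub, k_prev=1):
    """Value sent to the peer; k_prev=1 is Section 5, k_prev=K_i is Section 6."""
    return pow(combine(peer_pub, me), k_prev, n) * combine(ca_pub, me) * peer_cert % n


def finish(me, received, k_prev=1):
    """Remove my own k from the received value: multiply by k^-(k_prev + 1)."""
    return received * pow(me["k"], -(k_prev + 1), n) % n


def certified_exchange(ca, alice, bob, db, bob_pub_at_alice=None, k_prev=1):
    """Run both directions; returns (key derived by Alice, key derived by Bob)."""
    bob_pub = bob_pub_at_alice or bob["pub"]
    to_bob = message(alice, bob_pub, db["bob"], ca["pub"], k_prev)
    to_alice = message(bob, alice["pub"], db["alice"], ca["pub"], k_prev)
    return finish(alice, to_alice, k_prev), finish(bob, to_bob, k_prev)


if __name__ == "__main__":
    ca, alice, bob = keygen(), keygen(), keygen()
    db = {"alice": certify(ca, alice["pub"]), "bob": certify(ca, bob["pub"])}
    print("Section 4:", plain_kep(alice, bob))
    k1 = certified_exchange(ca, alice, bob, db)
    print("Section 5:", k1)
    print("Section 6:", certified_exchange(ca, alice, bob, db, k_prev=k1[0]))
    # A public key for Bob that differs from the one the CA certified (P doubled).
    other = (bob["pub"][0] * 2 % n, bob["pub"][1])
    print("mismatch :", certified_exchange(ca, alice, bob, db, bob_pub_at_alice=other))
```

In the last call the two sides derive different values, because the public key Alice used for Bob no longer matches the entry $[k_{b,ca}]k_b$ in the CA database.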

## 7. Discussion

## 8. Conclusions

## Author Contributions

## Funding

## Conflicts of Interest

## Appendix A

#### Appendix A.1. RSA Cryptosystem

#### Appendix A.2. Diffie–Hellman Key Exchange

#### Appendix A.3. Prefix Attack

- $w_a = 4x_a\cdot k_a \bmod 4r$
- $w_{ab} = w_a\cdot k_b = 4x_a\cdot k_a\cdot k_b \bmod 4r$
- $w_a' = w_a\cdot 4^{-1} = x_a\cdot k_a \bmod r$
- $(w_a')^{-1} = (x_a\cdot k_a)^{-1} \bmod r$
- $k_b = (w_a')^{-1}\cdot w_{ab}' = k_b \bmod r$

#### Appendix A.4. Multiplication-Based Attack

- $P = 2^{x} k \bmod 4r$,
- $Q = 2^{2r-1-x} k \bmod 4r$ because $y = 2r-2-x+1$
- $P\cdot Q = 2^{2r-1} k^{2} \bmod 4r$
- $P\cdot Q\cdot 2^{-2} = 2^{2r-3} k^{2} \bmod r$
- $k^{2} \equiv P\cdot Q\cdot 2^{-2}\cdot (2^{2r-3})^{-1} \bmod r$

- $P = 2^{2x} k \bmod 4r$,
- $Q = 2^{2r-1-x} k \bmod 4r$ where $x < 2r-1$
- $P\cdot Q = 2^{x+2r-1} k^{2} \equiv 2^{x}\, 2^{2r-1} k^{2} \bmod 4r$
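A numeric check of the two lists above, as an added example that is not code from the paper: the same public computation is applied to both forms of $P$. The toy prime $r = 1019$ and the function names are assumptions of this sketch.

```python
R = 1019          # toy safe prime, constructed for this example
N = 4 * R         # modulus n = 4r used in Appendix A.4 (p = q = 2)


def public_pair(x, k, doubled):
    """(P, Q) mod 4r with y = 2r - 1 - x; doubled=True uses P = 2^(2x) * k."""
    if not (1 <= x <= 2 * R - 2) or k % 2 == 0 or k % R == 0:
        raise ValueError("need 1 <= x <= 2r-2 and k invertible mod 4r")
    e = 2 * x if doubled else x
    return pow(2, e, N) * k % N, pow(2, 2 * R - 1 - x, N) * k % N


def product_residue(P, Q):
    """P*Q * 2^-2 * (2^(2r-3))^-1 mod r, computed from public values only."""
    pq = P * Q % N                       # multiple of 4: both factors are even
    return (pq // 4) * pow(pow(2, 2 * R - 3, R), -1, R) % R


def compare(x, k):
    """Residue obtained for each form of P, next to k^2 mod r."""
    return {
        "k_squared": k * k % R,
        "P = 2^x k": product_residue(*public_pair(x, k, doubled=False)),
        "P = 2^(2x) k": product_residue(*public_pair(x, k, doubled=True)),
    }
```

With $P = 2^{x}k$ the residue equals $k^{2} \bmod r$; with $P = 2^{2x}k$ it equals $2^{x}k^{2} \bmod r$, so the factor $2^{x}$ that depends on the private exponent remains.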

## References

1. Shor, P.W. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994.
2. Barreno, M.A. The Future of Cryptography under Quantum Computers. Dartmouth College Undergraduate Theses, 23 July 2002. Available online: https://digitalcommons.dartmouth.edu/senior_theses/23 (accessed on 11 February 2021).
3. Laboratory, I.T. PQC Standardization Process: Third Round Candidate Announcement. Available online: https://csrc.nist.gov/news/2020/pqc-third-round-candidate-announcement (accessed on 11 February 2021).
4. Chen, L.; Jordan, S.; Liu, Y.-K.; Moody, D.; Peralta, R.; Perlner, R.; Smith-Tone, D. Report on Post-Quantum Cryptography. Available online: http://cm.1-s.es/2017/nistir_8105_draft.pdf (accessed on 11 February 2021).
5. Lizama-Perez, L.A. Non-Invertible Key Exchange Protocol. SN Appl. Sci. **2020**, 2, 1–13. Available online: https://link.springer.com/content/pdf/10.1007/s42452-020-2791-3.pdf (accessed on 11 February 2021).
6. Grover, L.K. A Fast Quantum Mechanical Algorithm for Database Search. In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, Philadelphia, PA, USA, 22–24 May 1996.
7. Bennett Ch, H.; Brassard, G. Quantum cryptography: Public key distribution and coin tossing. arXiv **2020**, arXiv:2003.06557.
8. Lizama-Pérez, L.A.; López, J.M.; De Carlos-López, E.; Venegas-Andraca, S.E. Quantum flows for secret key distribution in the presence of the photon number splitting attack. Entropy **2014**, 16, 3121–3135.
9. Lizama-Pérez, L.A.; López, J.M.; De Carlos López, E. Quantum key distribution in the presence of the intercept-resend with faked states attack. Entropy **2017**, 19, 4.
10. Lizama-Perez, L.A.; López, J.M. Quantum key distillation using binary frames. Symmetry **2020**, 12, 1053.
11. Bernstein, D.J.; Lange, T. Post-quantum cryptography. Nature **2017**, 549, 188–194.
12. Wang, S.; Zhu, Y.; Ma, D.; Feng, R. Lattice-based key exchange on small integer solution problem. Sci. China Inf. Sci. **2014**, 57, 1–12.
13. Mao, S.; Zhang, P.; Wang, H.; Zhang, H.; Wu, W. Cryptanalysis of a lattice based key exchange protocol. Perspect. Sci. **2016**, 8, 228–230.
14. Jao, D.; De Feo, L. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In Post-Quantum Cryptography. PQCrypto 2011; Lecture Notes in Computer Science; Yang, B.Y., Ed.; Springer: Berlin/Heidelberg, Germany, 2011.
15. Costello, C.; Longa, P.; Naehrig, M. Efficient algorithms for supersingular isogeny diffie-hellman. In Advances in Cryptology—CRYPTO 2016. CRYPTO 2016; Lecture Notes in Computer Science; Robshaw, M., Katz, J., Eds.; Springer: Berlin/Heidelberg, Germany, 2016.
16. Matsumoto, T.; Imai, H. Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In Advances in Cryptology—EUROCRYPT ’88. EUROCRYPT 1988; Lecture Notes in Computer Science; Barstow, D., Ed.; Springer: Berlin/Heidelberg, Germany, 1988.
17. Merkle, R.C. Method of Providing Digital Signatures. US Patent 4,309,569, 5 January 1982.
18. Lizama-Perez, L.A. Digital signatures over hash-entangled chains. SN Appl. Sci. **2019**, 1, 1–8.
19. Lizama-Pérez, L.A.; Montiel-Arrieta, L.J.; Hernández-Mendoza, F.S.; Lizama-Servín, L.A.; Eric, S.-A. Public hash signature for mobile network devices. Ing. Investig. Tecnol. **2019**, 20, 1–10. Available online: https://pdfs.semanticscholar.org/fce5/99b5af03457e4b94e123e575d1daca8e24ab.pdf (accessed on 11 February 2021).
20. Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory **1976**, 22, 644–654.
21. Koblitz, N. Elliptic curve cryptosystems. Math. Comput. **1987**, 48, 203–209.
22. Miller, V.S. Use of elliptic curves in cryptography. In Advances in Cryptology—CRYPTO ’85 Proceedings. CRYPTO 1985. Lecture Notes in Computer Science; Williams, H.C., Ed.; Springer: Berlin/Heidelberg, Germany, 1986.
23. Bindel, N.; Herath, U.; McKague, M.; Stebila, D. Transitioning to a quantum-resistant public key infrastructure. In Post-Quantum Cryptography. PQCrypto 2017; Lecture Notes in Computer Science; Lange, T., Takagi, T., Eds.; Springer: Berlin/Heidelberg, Germany, 2017.
24. Pradel, G.; Mitchell, C.J. Post-quantum certificates for electronic travel documents. In Computer Security. ESORICS 2020; Lecture Notes in Computer Science; Boureanu, I., Ed.; Springer: Berlin/Heidelberg, Germany, 2020.
25. Kampanakis, P.; Panburana, P.; Daw, E.; Van Geest, D. The viability of post-quantum X.509 certificates. IACR Cryptol. ePrint Arch. **2018**, 2018, 63.
26. Polk, W.; Housley, R.; Bassham, L. Algorithms and identifiers for the internet X.509 public key infrastructure certificate and certificate revocation list (crl) profile. Algorithms **2002**, 2, 26.
27. Gerck, E. Overview of Certification Systems: X.509, ca, pgp and Skip. Available online: https://www.blackhat.com/presentations/bh-usa-99/EdGerck/certover.pdf (accessed on 11 February 2021).
28. Abdul-Rahman, A. The Pgp Trust Model. EDI Forum J. Electron. Commer. **1997**, 10, 27–31. Available online: https://ldlus.org/college/WOT/The_PGP_Trust_Model.pdf (accessed on 11 February 2021).
29. NIST Round 3 Finalists. Available online: https://pqc-wiki.fau.edu/w/Special:DatabaseHome (accessed on 11 February 2021).
30. Banerjee, U.; Chandrakasan, A.P. Efficient Post-Quantum TLS Handshakes using Identity-Based Key Exchange from Lattices. In Proceedings of the 2020 IEEE International Conference on Communications (ICC), Dublin, Ireland, 7–11 June 2020.
31. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM **1978**, 21, 120–126.

**Figure 2.** A man in the middle (MITM) attack over the Diffie–Hellman (DH) protocol. The eavesdropper obtains a key with Alice, $K_{ae}$, and another with Bob, $K_{be}$. Legitimate users cannot verify the origin of exchanged numbers.

**Figure 3.** Diffie–Hellman algorithm with RSA. Bob’s public key is written as $P_{U_B} = (e_b, n_b)$; Bob’s private key is $e_b^{-1}$, which indicates the inverse of $e_b$ in $\mathbb{Z}_{\varphi(n)}$. $H_K$ represents the hash value of $K$, which is used by Alice to verify the origin of the received number.

**Table 1.** These operations (exponentiation and multiplication) are performed at each side after public keys of users are exchanged.

User | Operation | Result |
---|---|---|
Alice | $(p^{2x_b}\cdot k_b \bmod n)^{x_a}\cdot(q^{y_b}\cdot k_b \bmod n)^{y_a}$ | $p^{2x_b x_a} q^{y_b y_a}\cdot k_b \bmod n$ |
Bob | $(p^{2x_a}\cdot k_a \bmod n)^{x_b}\cdot(q^{y_a}\cdot k_a \bmod n)^{y_b}$ | $p^{2x_a x_b} q^{y_a y_b}\cdot k_a \bmod n$ |

**Table 2.** Lizama’s key exchange algorithm can be used to encrypt/decrypt messages provided $k_s$ is divided by $pq$.

Mode | Mathematical Relation |
---|---|
Encryption | $c = m\cdot k_r \bmod r$ |
Decryption | $m = c\cdot k_r^{-1} \bmod r$ |

Short Notation | Mathematical Operation |
---|---|
$(P_i, Q_i)$ | $P_i = p^{2x_i} k_i$, $Q_i = q^{y_i} k_i$ |
$P_i^{x_j}\cdot Q_i^{y_j}$ | $(p^{2x_i} k_i)^{x_j}\cdot(q^{y_i} k_i)^{y_j}$ |
$[k_{i,j}]k_i$ | $p^{2x_i x_j} q^{y_i y_j} k_i$ |

**Table 4.** CA’s public database. The Certification Authority CA publishes their public key $(P_{ca}, Q_{ca})$.

User | Public Key | Certified Key |
---|---|---|
CA | $(P_{ca}, Q_{ca})$ | - |
Alice | $(P_a, Q_a)$ | $[k_{a,ca}]k_a$ |
Bob | $(P_b, Q_b)$ | $[k_{b,ca}]k_b$ |

**Table 7.** A comparison of Lizama’s protocol against National Institute of Standards and Technology (NIST) Round 3 finalists is shown in the categories of public key encryption and key-establishment algorithms [29].

Scheme | System | Public Key (KB) | Private Key (KB) | Signature (KB) |
---|---|---|---|---|
Public Key/KEM | LIZAMA’S KEP | 0.256–0.512 | 0.192–0.384 | – |
Public Key/KEM | Classic McEliece | 261,120–1,357,824 | 6492–14,120 | – |
Public Key/KEM | CRYSTALS-KYBER | 1.632–3.168 | 0.8–1.568 | – |
Public Key/KEM | NTRU-HPS | 0.931–1.230 | 1.235–1.592 | – |
Public Key/KEM | SABER | 0.672–1.312 | 1.568–3.040 | – |
Signature Algorithms | CRYSTALS-DILITHIUM | 1.312–2.592 | – | 2.420–4.595 |
Signature Algorithms | FALCON | 0.897–1.793 | – | 0.666–0.280 |
Signature Algorithms | Rainbow | 157.8–1885.4 | 101.2–1375.7 | 0.066–0.212 |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Lizama-Perez, L.A.; López R., J.M.
Non-Invertible Public Key Certificates. *Entropy* **2021**, *23*, 226.
https://doi.org/10.3390/e23020226

**Chicago/Turabian Style**

Lizama-Perez, Luis Adrián, and J. Mauricio López R.
2021. "Non-Invertible Public Key Certificates" *Entropy* 23, no. 2: 226.
https://doi.org/10.3390/e23020226